[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: [K12OSN] Anyone setup their LTSP server web browser to redire ct to a user accpetance page?



> I have been trying to figure out how to incorporate Squid and Dan's
> Guardian
> with my LTSP server on a single box, and I am having problems.  I am using
> K12LTSP 5.0.  I can not get the transparent proxy to work at all.  I have
> been trying manually to redirect web traffic and I have hit a wall.  If
> anyone out there could help, I would greatly appreciate and will be will
> to
> name my first born after them.
>
>
> Jeffrey M. Myers
> Technology Support Consultant II
> El Dorado Correctional Facility
> (316) 322-2077 FAX (316) 322-2019
> jeffmy kdoc dc state ks us
>

Hey Jeff,

You are in luck. Here is my documented configurations for a fresh build of
CentOS v5. This should work for your ltsp setup (Config setup below)
except the IP's will be different. This will route all port 80 traffic to
port 8080 (Dansguardian) and then it would be passed on to 3128 (Squid).
:) Let me know if you need help.


-Wilson


==CENTOS v5==
Load CENTOS v5 - Server
wget
http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -ivh rpmforge-release-0.3.6-1.el5.rf.i386.rpm

yum install squid dansguardian caching-nameserver

Eth0 = RR Modem
Eth1 = LAN (192.168.100.1)
-------------------------------------------------------------------------------------------------

/etc/squid/squid.conf
http_port 3128 transparent <----Add transparent

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl wirelessNetwork src 192.168.100.0/255.255.255.0  <----


# And finally deny all other access to this proxy
## Allow Wireless
http_access allow wirelessNetwork  <----
http_access allow localhost
http_access deny all

## Transparent Proxying
httpd_accel_host virtual  <----
httpd_accel_port 80  <----
httpd_accel_with_proxy on  <----
httpd_accel_uses_host_header on  <----

-------------------------------------------------------------------------------------------------

/etc/dansguardian/dansguardian.conf
filterip = 192.168.100.1  <----

-------------------------------------------------------------------------------------------------

/etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1  <----

-------------------------------------------------------------------------------------------------

/etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 8080
-A POSTROUTING -s 192.168.100.0/24 -o eth0 -j MASQUERADE
COMMIT

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j
ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j
ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j
ACCEPT
# Some ICMP messages aren't particularly useful and can be particularly
# nasty, so drop them or rate limit them as appropriate.
#
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 5 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 9 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 10 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 15 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 16 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 17 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 18 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit
1/sec -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp ! --icmp-type 8 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

-------------------------------------------------------------------------------------------------




> -----Original Message-----
> From: wilson wilsonch gotdns com [mailto:wilson wilsonch gotdns com]
> Sent: Monday, July 02, 2007 8:34 PM
> To: k12osn redhat com
> Subject: [K12OSN] Anyone setup their LTSP server web browser to redirect
> to
> a user accpetance page?
>
> Anyone know of a way to redirect web traffic to a user acceptance page
> first before allowing them to surf the web? Im looking at NoCatSplash
> (http://nocat.net) for all my users LTSP & Wireless clients. Anyone get
> this working or know of a way to do this? Thanks!
>
> Setup is CentOS, LTSP, Dansguardian, and Squid.
>
>
> Wilson
>
> _______________________________________________
> K12OSN mailing list
> K12OSN redhat com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>
> _______________________________________________
> K12OSN mailing list
> K12OSN redhat com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]